package com.lyc.security;

import com.lyc.constant.Constant;
import com.lyc.dao.PermissionMapper;
import com.lyc.dao.RoleMapper;
import com.lyc.dao.UserMapper;
import com.lyc.entity.Permission;
import com.lyc.entity.Role;
import com.lyc.entity.User;
import com.lyc.utils.CollectionUtil;
import com.lyc.utils.MD5Util;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.apache.solr.common.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.List;

/**
 * @Author YooLin
 * @Date 2017/8/14 19:40
 * @Description 自定义shiro授权和身份认证realm
 */
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private RoleMapper roleMapper;

    @Autowired
    private PermissionMapper permissionMapper;

    //获取数据库中用户-角色-权限数据
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo authorizationInfo = null;
        String username = principalCollection.getPrimaryPrincipal().toString();//获取session中存储的登录用户名
        if (!StringUtils.isEmpty(username)) {
            User user = userMapper.selectByUsername(username);
            if (user != null) {
                List<Role> roles = user.getRoles();
                if (CollectionUtil.notEmpty(roles)) {
                    authorizationInfo = new SimpleAuthorizationInfo();//创建存储角色-授权信息的对象
                    for (Role role : roles) {
                        authorizationInfo.addRole(role.getRole());//添加角色信息
                        List<Permission> permissions = role.getPermissions();
                        if (CollectionUtil.notEmpty(permissions)) {
                            for (Permission permission : permissions)
                                authorizationInfo.addStringPermission(permission.getPermission());//添加权限信息
                        }
                    }
                }
            }
        }
        return authorizationInfo;
    }

    //身份认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (authenticationToken instanceof UsernamePasswordToken) {
            UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
            User user = userMapper.selectByUsername(token.getUsername());
            if (user != null) {
                //保存到session中
                Session session = SecurityUtils.getSubject().getSession();
                session.setAttribute(Constant.CURRENT_USER, user);
                session.setTimeout(18000);//5小时
                //ByteSource.Util.bytes(user.getUsername()) md5加盐
                return new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), ByteSource.Util.bytes(user.getUsername()), this.getName());//执行自定义密码校验器
            }
        }
        return null;
    }
}
